How encryption fails

Posted by: Stephen Wildstrom on March 05, 2008

In a comment on an earlier post of mine about how Princeton researchers cracked disk encryption on computers, John Hollingsworth asks how this sort of thing happens when encryption technology undergoes government scrutiny.

It’s true that the U.S. government was deeply involved in the development of the two most widely used algorithms for encryption of large blocks of data. The Data Encryption Standard was developed by the National Security Agency as a modification of an IBM project, and the Advanced Encryption Standard came out of a National Institute of Standards & Technology competition to find a successor to DES. And encryption technology gets a government seal of approval through NIST’s Federal Information Processing Standards, which make AES the algorithm of choice for sensitive but unclassified government data (classified stuff uses military algorithms, which NSA keeps very close to its vest).

With such good technology freely available, it shouldn’t be surprising that the failures of encryption that do occur are almost never caused by the encryption algorithm itself but by the way the entire encryption system is implemented. This is a much trickier business, and each installation is more or less a custom deal. The hardest piece of any crypto system is the management of the keys. The Princeton attack succeeded because it allowed the researchers to extract the keys from a computer’s memory. And once an attacker has the key, it doesn’t matter how good the lock is.

About

BusinessWeek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, Douglas MacMillan, and Spencer Ante dig behind the headlines to analyze what’s really happening throughout the world of technology. One of the first mainstream media tech blogs, Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.